I apologize for being a complete moron, but I have spent 3 days on this and it still doesn't work.
I set up a Sun ONE Directory Server 5.2. It has one user, Troy, and is running on my Solaris 10 machine. Using Telnet, Troy can login just fine and be authenticated. Additonally, from my other Solaris machine, Troy can log in just fine. Setting up the LDAP client in Solaris was fairly easy.

On myRH 4 AS machine, I have two users locally, root and sqa. I want Troy to be able to log in using LDAP authentication, but when I try to log in from the Linux machine, I get nowhere. The login dialog just gives me an error message saying the user or password is invalid. If I try to log in as sqa now, I get "authentication failed" which means that only root can log on to the Linux machine. The /var/log/messages contains:

9:27:43 redhat4asclean gdm(pam_unix)[2905]: authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=
Aug 23 09:27:43 redhat4asclean gdm-binary[2905]: pam_ldap: error trying to bind (No such object)
Aug 23 09:27:46 redhat4asclean gdm-binary[2905]: Couldn't authenticate user
Aug 23 09:27:56 redhat4asclean gdm(pam_unix)[2905]: check pass; user unknown
Aug 23 09:27:56 redhat4asclean gdm(pam_unix)[2905]: authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=
Aug 23 09:27:56 redhat4asclean gdm-binary[2905]: pam_ldap: error trying to bind (No such object)
Aug 23 09:28:00 redhat4asclean gdm-binary[2905]: Couldn't authenticate user
Aug 23 09:28:06 redhat4asclean gdm[2905]: pam_ldap: error trying to bind (No such object)
Aug 23 09:28:06 redhat4asclean gdm[2905]: Couldn't set acct. mgmt for sqa
Aug 23 09:28:13 redhat4asclean gdm(pam_unix)[2905]: session opened for user root by (uid=0)
Aug 23 09:28:14 redhat4asclean gconfd (root-3113): starting (version 2.8.1), pid 3113 user 'root'

The first one, "no such object," is Troy (he exists in Sun ONE DS only). The second one is sqa (he is local Linux machine user). The one that finally works is root.

I have modified many .conf files, to no avail! Is there some basic setting that I just don't have set properly? Here are contents of other files:

/etc/ldap.conf is trying to bind to the LDAP server with name of the default Sun user. Was I supposed to use that proxy agent guy instead? I'm confused here:

# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
binddn cn=Directory Manager,dc=mydomain,dc=com


# The credentials to bind with.
# Optional: default is no credential.
bindpw thepassword

What is this for?:
# Filter to AND with uid=%s
pam_filter objectclass=posixAccount

I am using "crypt" in Solaris for the unix authentication. Am I supposed to uncomment this line:
# Hash password locally; required for University of
# Michigan LDAP server, and works with Netscape
# Directory Server if you're using the UNIX-Crypt
# hash mechanism and not using the NT Synchronization
# service.
#pam_password crypt


As is obvious, I am incredibly confused by all the different user and binding and such (There is Directory Manager in Sun, and some posixAccount user, whose purpose I have no idea about). Hopefully, someone can help me here! Thanks in advance for any help!

Erikka

Alright, real quick.
You are unable to bind to the LDAP server. That is the PAM error. Now, I'm not sure if "Directory Manager" is just what you stuck in there because this is a public forum, or if that actually is your DN. If it is the DN, try Directory\ Manager (use the slash)

I assume that you have PAM setup to use the PADL nss_ldap module, and that you have configured NIS?

One quick thing that you can do, is use the command getent passwd (or group, or shadow). This will show you all of the users, groups, or shadow entries that PAM has access to, via local files, or LDAP. Great way to test after config changes without logging in/out.

The other thing that you can do, is configure not just /etc/ldap.conf, but also /etc/openldap/ldap.conf. /etc/openldap/ldap.conf is the file that is used by the openldap suite of tools, such as ldapsearch. Try running an ldapsearch against your machine, and see what you come up with.

The other question that you had, is what is the pam_filter object_class=POSIXAccount entry?
When you do an LDAP query (you'll figure this out by using ldapsearch ) - one of the parameters that you can search by, is an object class. This will return all of the entries of a given type from that LDAP server, provided it is a valid class in the schema.
In this case, it is telling the LDAP that all PAM cares about is the username (POSIXAccount) entries in the schema, so when you query for a user - look in all of the POSIXAccount entries.

The password encryption setting tells LDAP whether or not to use the standard password hashing used with /etc/shadow on the LDAP passwords, if you are configured to use LDAP for authentication as well. If you didn't create the passwords using the hash, or you aren't using LDAP for authentication - don't worry about this one.

Try a couple of these things, and let me know what happens.

-ppb